Staying Safe and Secure in an Online World
Unfortunately, now more than ever, the security of our private information and the integrity of our finances are in real danger. We wrote this guide to help you navigate the increasingly complicated online world and keep yourself safe.
A Brief History of Cyber-security and Online Dangers
First, a little background on us and the history of this topic. We have been technology industry practitioners for many years and were involved right alongside the mainstream introduction of the Internet back in the mid-1990s. Security has always been a concern, with systems getting breached and bad things happening even in the early days. But it wasn’t until the early 2000s that the concerns became more realized and the threats more widespread. Now, in the past 10 years, we have entered a reality in which online security is a major and persistent problem for everyone from countries and businesses to private individuals. It’s no longer about the potential consequences or the theoretical attack that could happen. We’ve now seen countless examples of attacks succeeding at all levels and affecting individuals personally. A great example of this was the Equifax credit agency breach in 2017, where 150 million people were impacted by their most important and private information being stolen.
The Vectors and What You Need to Know
Everyone is aware, by now, of multiple attacks that are possible against them. Perhaps you clicked on something you shouldn’t have and got a virus on your computer in the past. Or you answered a call from someone masquerading as someone they really weren’t, and you volunteered information you shouldn’t have given. These are classic technical and non-technical (what we call social engineering) methods to get you to do something that you shouldn’t.
This is critical to understand, even though it seems basic: all of the hundreds of different ways the criminals do their deed depend on you doing something. That’s what they’re trying to elicit from you, an action that is going to make you sorry. What makes this worse is that their methods have gotten much more sophisticated over time. Today, even if you’re paying attention and look the Trojan Horse right in the mouth, it may not be at all easy to figure out the danger.
Let’s look at a couple of examples. E-mail delivery of a virus is something that almost everyone is aware of today, as it’s been a long-standing vector of attack. We’ve learned not to open attachments from people that we don’t know. What’s changed, however, is that these e-mails can look very convincing. They appear as if they are coming from your family, friends, employer, or bank. They’ve also mostly stopped using attachments and entice you to click on a link instead. If you’re in a hurry, you can be fooled into letting your guard down and performing an action that you normally wouldn’t.
Another example is when the technology is new to us and we’re just not aware of the rules of the game. A recent attack vector has been texting people about some topic and instructing them to text back “STOP” if the message doesn’t apply to them. Sounds reasonable, right? Except it violates the golden rule: don’t perform an action without first understanding the full consequences. This vector preys on people by appealing to their common sense. Ultimately, they’re doing exactly what an unknown party wants them to do. One instruction leads to another and you are quickly victimized through various technical means.
Staying Safe Online Doesn’t Have to Be Hard
Even though security researchers are locked in a 7×24 cat & mouse game with cyber criminals, our part doesn’t have to involve a lot of research and technical knowledge. Instead, we suggest keeping your guard up by following these simple suggestions:
- SLOW DOWN – Don’t be in a hurry, and consider your actions while online or on your smartphone. This may seem to be hard advice to implement in our fast-paced lives. But realize that hurrying you is a critical part of the social engineering game the bad guys play to victimize you. Live fast, if you must, but slow down at certain times; the recommendations below cover the when & how.
- BE A HARD TARGET – E-mails are still a great method for the bad guys because they are cheap to send en masse, and even the tiny percentage of people not paying attention still means great gains for the criminals. Do not click on any attachments or any links. Also, realize that a link may not look like a link. Don’t click on pictures or on “login” buttons, and don’t follow any instructions that someone gives you. Your bank or other legitimate parties will never instruct you to perform an action in an e-mail. Instead, they’ve learned about these ploys and have changed their wording to instruct you to go to their site to log in or perform any action. Again, do not click on anything in an e-mail unless you are 100% sure it’s legitimate and that the click won’t cause something bad to happen. There used to be a time when, if you were tech savvy, you could “hover” over the link and see what the destination was. Today, the link’s true destination can be masked. Don’t do it.
- BE GREEDY – Whether you’re texted or called, do not offer information to anyone about anything. Again, legitimate parties should have changed their policies and have other methods to interact with you. If anyone is asking you for information via text, e-mail, phone call, or in any other way pressuring you to give them something, that should be a huge red flag for you.
- CONTAIN THE DAMAGE – Realize that breaches are going to happen and your information that you entrusted to another party is going to get compromised. So, automatically assume that a password that you used on one site can’t be used on another. Leverage a password program to hold a unique password for every website or account that you have. Don’t use the same passwords or easy variations among different websites. You should use impossible-to-guess passwords that have 12 or more characters (lower and upper-case letters, numbers, and special characters, if supported). And, for particularly sensitive accounts, like bank or credit cards or other financial sites, you should also obscure your username. For example, instead of JaneDoe, use something like Y6^%cD8Y2P~1. Yes, that’s your username. Just like your password, it will be impossible to crack and will stop the bad guy cold before he can even start a password attack. Here’s the program that we personally use and love: SplashID.
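A small checker for the point made under BE A HARD TARGET, that a link may not look like a link and that what it shows can differ from where it goes. This is an added example, not part of the original guide; the host names and sample e-mail are constructed, and it only catches mismatches visible in the HTML itself, not redirects.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Hostname-looking token in the visible link text, e.g. "www.mybank.example"
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

# Constructed sample e-mail body (all hosts use the reserved .example TLD)
SAMPLE_EMAIL = """
<a href="http://login.attacker.example/verify">https://www.mybank.example/login</a>
<a href="http://tracker.attacker.example/c?id=1"><img src="logo.png" alt=""></a>
<a href="https://www.mybank.example/help">www.mybank.example/help</a>
"""

class LinkAuditor(HTMLParser):
    """Collects every <a href> with its visible text and whether it wraps an image."""
    def __init__(self):
        super().__init__()
        self.links = []    # finished links: dicts with href, text, has_image
        self._open = None  # link currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._open = {"href": attrs["href"], "text": "", "has_image": False}
        elif tag == "img" and self._open is not None:
            self._open["has_image"] = True

    def handle_data(self, data):
        if self._open is not None:
            self._open["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._open is not None:
            self.links.append(self._open)
            self._open = None

def audit_links(html_body):
    """Return (real_host, reason) for each link whose appearance hides its destination."""
    parser = LinkAuditor()
    parser.feed(html_body)
    findings = []
    for link in parser.links:
        real_host = (urlsplit(link["href"]).hostname or "").lower()
        shown = HOST_IN_TEXT.search(link["text"])
        if shown and shown.group(1).lower() != real_host:
            findings.append((real_host, "text shows " + shown.group(1).lower()))
        elif not shown and (link["has_image"] or link["text"].strip()):
            findings.append((real_host, "destination not visible in link"))
    return findings
```

Running `audit_links(SAMPLE_EMAIL)` flags the first two links and passes the third, whose visible host matches its real one.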
Our final recommendation is to also protect all the important documents and sensitive mail that you are currently just throwing in the trash at home or at the office. We use this paper shredder to prep paperwork, old credit cards, CDs, and other materials that have sensitive information before they are thrown out into the trash. Remember, what you put out on the curb of your house or in the dumpster of your business is now in the public domain. The term dumpster diving has been around for decades because it’s a rich source of information for the bad guys.
We hope this article was useful to you. Please provide any comments and questions that you have around this topic. Stay safe out there!